kubernetes 应用程序抛出 DatastoreException、缺少或权限不足。提供的服务密钥文件
kubernetes application throws DatastoreException, Missing or insufficient permissions. Service key file provided
我正在 google kubernetes 引擎上部署 java 应用程序。应用程序正确启动但在尝试请求数据时失败。例外是 "DatastoreException, Missing or insufficient permissions"。我创建了具有 "Owner" 角色的服务帐户,并向 kubernetes 提供了服务帐户密钥。这是我如何应用 kubernetes 部署:
# delete old secret
kubectl delete secret google-key --ignore-not-found
# file with key
kubectl create secret generic google-key --from-file=key.json
kubectl apply -f prod-kubernetes.yml
这是部署配置:
apiVersion: v1
kind: Service
metadata:
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
name: user
labels:
app: user
spec:
type: NodePort
ports:
- port: 8000
name: user
targetPort: 8000
nodePort: 32756
selector:
app: user
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: userdeployment
spec:
replicas: 1
template:
metadata:
labels:
app: user
spec:
volumes:
- name: google-cloud-key
secret:
secretName: google-key
containers:
- name: usercontainer
image: gcr.io/proj/user:v1
imagePullPolicy: Always
volumeMounts:
- name: google-cloud-key
mountPath: /var/secrets/google
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /var/secrets/google/key.json
ports:
- containerPort: 8000
我想知道为什么它不起作用?我在以前的部署中使用过此配置并取得了成功。
UPD:我确保 /var/secrets/google/key.json 存在于 pod 中。我打印 Files.exists(System.getEnv("GOOGLE_APPLICATION_CREDENTIALS")) 来记录。我还打印了这个文件的内容 - 它似乎没有损坏。
已解决,原因是 evn 名称不正确 GOOGLE_CLOUD_PROJECT
我正在 google kubernetes 引擎上部署 java 应用程序。应用程序正确启动但在尝试请求数据时失败。例外是 "DatastoreException, Missing or insufficient permissions"。我创建了具有 "Owner" 角色的服务帐户,并向 kubernetes 提供了服务帐户密钥。这是我如何应用 kubernetes 部署:
# delete old secret
kubectl delete secret google-key --ignore-not-found
# file with key
kubectl create secret generic google-key --from-file=key.json
kubectl apply -f prod-kubernetes.yml
这是部署配置:
apiVersion: v1
kind: Service
metadata:
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
name: user
labels:
app: user
spec:
type: NodePort
ports:
- port: 8000
name: user
targetPort: 8000
nodePort: 32756
selector:
app: user
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: userdeployment
spec:
replicas: 1
template:
metadata:
labels:
app: user
spec:
volumes:
- name: google-cloud-key
secret:
secretName: google-key
containers:
- name: usercontainer
image: gcr.io/proj/user:v1
imagePullPolicy: Always
volumeMounts:
- name: google-cloud-key
mountPath: /var/secrets/google
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /var/secrets/google/key.json
ports:
- containerPort: 8000
我想知道为什么它不起作用?我在以前的部署中使用过此配置并取得了成功。
UPD:我确保 /var/secrets/google/key.json 存在于 pod 中。我打印 Files.exists(System.getEnv("GOOGLE_APPLICATION_CREDENTIALS")) 来记录。我还打印了这个文件的内容 - 它似乎没有损坏。
已解决,原因是 evn 名称不正确 GOOGLE_CLOUD_PROJECT